Low-authority TLDs

The LOW_AUTH_TLD weakness signal fires when a ranking result's domain ends in a free or novelty TLD historically associated with spam, temporary sites, or throwaway publishing.

Which TLDs qualify

SERPTool flags these as low-authority:

.tk · .ml · .ga · .cf · .gq · .xyz · .top · .click · .work

The first five (.tk, .ml, .ga, .cf, .gq) are historically free TLDs — Freenom gave them away by the million, making them the default choice for spam operations, link farms, and throwaway sites. They're so saturated with abuse that major registrars and hosts have stopped offering them.

The next four (.xyz, .top, .click, .work) are cheap novelty TLDs that attract low-quality content because the barrier to entry is tiny. Not inherently spam, but over-represented in problem SERPs.

Why it's a weakness

Google doesn't officially penalise these TLDs. But quality-rater guidelines and published patents suggest TLD is a minor algorithmic signal that interacts with other trust signals: on a borderline ranking decision, a .xyz page loses to a .com page with otherwise-equal content. Search engine marketers have observed this empirically for over a decade.

A page from .xyz ranking top 10 is therefore doing it despite this handicap. Either:

• The keyword is under-served so Google had nothing better (opportunity).
• The page has genuinely strong other signals (content, links) that overcame the TLD drag — meaning if you publish equivalent quality on a .com or .io, you have a small but real edge.

Reading it with other signals

LOW_AUTH_TLD rarely fires alone. It usually co-occurs with:

• LOW_DS + NO_BL — because spam/throwaway TLDs rarely earn real links.
• HIGH_SS — because the same domains doing spam often trigger the spam-score threshold.
• THIN_CONTENT — filler content is what these sites typically produce.

When LOW_AUTH_TLD fires alongside HIGH_SS, treat the result as about-to-drop (see HIGH_SS in the technical weaknesses page).

When it fires alone — unusual — the page probably has decent content and is ranking on other merits. These are the interesting cases: study the content, see what the page did well despite the handicap, borrow the playbook.

What the signal does NOT tell you

• Not every .xyz is spam. Google's abc.xyz holding page is on .xyz. Plenty of indie SaaS uses .xyz or .work as a style choice. The signal is probabilistic, not deterministic.
• Country-code TLDs aren't flagged. .uk, .de, .ca, .in etc. are legitimate ccTLDs and don't trigger LOW_AUTH_TLD even when the domain is new.
• New gTLDs like .io, .dev, .app, .co aren't flagged. They've become mainstream, especially for tech products.

Tactical use

If you're choosing a TLD for a new site: .com remains the strongest default. .io, .app, .dev, .co are fine for tech audiences. Avoid anything on the LOW_AUTH_TLD list.

If you're reviewing competitor SERPs and see .xyz domains ranking: that keyword is almost certainly winnable with a .com and equivalent content.

Where SERPTool shows this

• Single icon in the per-keyword Weaknesses column (rarely the headline signal)
• Dot per result in the SERP Breakdown
• LOW_AUTH_TLD boolean column in the Full SERP CSV export

Next steps

• All 17 weakness signals
• Authority weaknesses
• UGC-heavy SERPs